Privacy & Security

Keystroke logger detected on hospital's computers

May have been in place undetected for nearly four years
By Mike Miliard
November 16, 2015
11:30 AM

A hospital in Kentucky is notifying patients of a security incident, after it was discovered that some of its computers had been infected with a keystroke logger designed to capture and transmit data as it was typed.

This past Friday, OH Muhlenberg, LLC announced that Greenville, Ky.-based Muhlenberg Community Hospital had detected the malware on some of its machines.

The keystroke logger may have been in place since January 2012.

Affected computers were used to enter patient financial data and health information, potentially including names, addresses, telephone numbers, birth dates, Social Security numbers, driver's license/state identification numbers, medical and health plan information, financial account numbers, payment card information and employment-related information. Additionally, some credentialing-related information for providers may also be impacted, officials said.

Noting that they have "no indication that the data has been used inappropriately," Muhlenberg officials did say that they believe the malware could have captured username and password information for accounts or websites that were accessed by employees, contractors or providers using the affected terminals.

[Learn more: Meet the speakers at the HIMSS and Healthcare IT News Privacy and Security Forum.]

In mid-September, the FBI notified Muhlenberg of "suspicious network activity involving third parties," officials said. Upon learning this, the hospital "took immediate action," launching its own internal investigation and hiring a digital forensics and security firm.

"The hospital understands the importance of protecting the privacy and security of its providers', patients' and employees' information," officials said, noting that the hospital worked quickly to contain the damage, "including immediately blocking the external unauthorized IP addresses, taking steps to disable the malware and continuing to enhance the security of its systems moving forward.

Muhlenberg "regrets any inconvenience or concern this incident may cause," officials said, adding that affected patients would receive one year of complimentary identity protection services.

Topics: 
Data Warehousing, Electronic Health Records (EHR, EMR), Network Infrastructure, Privacy & Security, Workforce

More regional news

VA building signage

House passes veterans healthcare package without RESET Act

By
Andrea Fox
November 21, 2024
David Miles of Oklahoma Heart Hospital

Deep dive: A tour of all-digital Oklahoma Heart Hospital, where automation is the norm

By
Bill Siwicki
November 21, 2024
Healthcare workers looking at X-ray images on monitors

Streamlining healthcare operations with multicloud-by-design

November 21, 2024
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

VA building signage
House passes veterans healthcare package without RESET Act

Most Read

HMIS integration with other public HIS sought and more India briefs
Particle Health files antitrust suit against Epic
Choosing a managed IT service for aged care
ASTP intros 2024 draft Federal FHIR Action Plan
VA must strengthen controls addressing EHR performance
CrowdStrike all but assures Capitol Hill: Never again

Research

White Papers

More Whitepapers

Patient Engagement
Patient Engagement
Financial/Revenue Cycle Management

Webinars

More Webinars

Imaging
Interoperability
Artificial Intelligence

Video

David Miles at Oklahoma Heart Hospital_Part 1_Doctor holding health icon Photo by Tippapatt/iStock/Getty Images Plus
The CIO of an all-digital hospital walks readers through its successes
Dr Alice Sutedjo Lisa at SMC Telogorejo Hospital_HIMSS24 APAC
Assisting the elderly in digital care
Dr. Benoit Desjardins of the University of Montreal
Cyberattacks are becoming more widespread, and more disruptive
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards

More Stories

BJ Schaknowski of symplr
Too many IT systems with limited alignment impacts care quality
Doctor in scrubs using computer
Tenet to deploy AI platform across its physician network
Healthcare CIO with other healthcare executives
Health system CIOs' strategic responsibilities continue to evolve
George Pappas at Intraprise Health_Digital shield and lock Photo by da-kuk/Getty Images
Tighter cyber mandates hold New York providers to higher security standards
Clinicians look at diagnostic imaging
American College of Radiology launches AI quality registry
A doctor with glasses sits at a desk and speaks during a telehealth visit.
DEA and HHS extend virtual prescribing for controlled substances through 2025
Dr. Jay Anders at Medicomp Systems_Computer chip with stethoscope Photo by Just_Super/iStock/Getty Images Plus
Transparency and responsible AI are crucial for medical devices
George Pappas of Intraprise Health on cybersecurity
How to protect telemedicine from cyberattacks